Did Microsoft Focus Too Much On Security In Vista?

from the so-secure-no-one-uses-it dept

For years, Microsoft's software has had the (in some cases, well-deserved) reputation for being rather insecure -- leading many who were concerned about security to look for alternatives. However, a few years back, Bill Gates made it a focus within the company to change that and to make Microsoft's products much more secure, knowing that it was important to buyers. While some may question how successful Microsoft has been, how ironic is it that some are now claiming that Microsoft's focus on security in Vista is what's hurting adoption of the company's new operating system? It turns out that, while security is important to users, it's not so important that it comes at the expense of other things -- like stability and compatibility. In other words, while focusing on security, Microsoft may have dropped the ball on other features that actually are more important in the buying and upgrading decisions. On top of that, it appears that some people (again, reasonably so) are a bit annoyed that Microsoft is now touting "security" as a major feature of Vista -- as the company is basically admitting that it screwed up in previous products, and you should now pay Microsoft to upgrade away from its own crappy security. Not exactly a strong selling point.

Security my ass!

The 'security' in Vista is pretty similar to the 'security' at American Airports since 9/11. It's intrusive, annoying, and therefore might make some people feel that "something is being done" to make them more secure.

Even Apple stole a few features...

Vista has a feature that randomizes the locations of the kernel and other core components in RAM. Funny thing is, Apple added that in Leopard... This feature makes it VERY difficult for attackers to know where it is in RAM and modify it, and thus crash the system, etc.

I just find it funny that when MS takes a good feature from Apple, everyone cries foul and bitches about it endlessly. But when Apple steals from MS, it's kept quiet... lol

Re: Stole a few features??

Actually, address-space layout randomization (ASLR) was being worked on by many groups for years before Vista came out. The first shipping systems to incorporate it were almost certainly open-source ones, probably the BSDs.

What else is new?

Every single release of Windows touts new "features" that should have been standard in the last version. There were at least three versions of Windows that were marketed as "now with USB support". The "support" only actually worked in the last of those versions.

It's ironic

When Dimdows XP first came out, it was supposed to be a major step forward in terms of security, reliability, robustness and all the rest of it, because it was built on top of the Dimdows NT foundation, not the creaky old 9x/ME house of cards.

But it appears all the software developers (Microsoft included) continued to write their code in exactly the same old way, assuming that they could get total control of the machine as of right. And so we ended up with the ridiculous situation where even apps like games need administrator privileges to run.

Now, with Vista, Microsoft has been trying to achieve a whole number of things: tighten security, add new functionality, maintain maximum backward compatibility. But these have turned out to be contradictory goals: you simply cannot achieve all of them by building on top of the Dimdows XP base. So the result is that Microsoft has only partially achieved any of them, leaving Vista a confused mess of not-very-strong selling points.

It's not just the security (such as it is) that's the problem: it's the whole package.

Vista security

What constitutes an appropriate level of security depends upon the value of the information / services being protected and the threat environment that it is deployed into. It appears to me that customers don't want to pay for security, they want features with the security as an expected characteristic. Even worse, they want to keep their legacy features, features that were designed for deployment into a far more friendly environment and which may no longer be appropriate for a more hostile environment.

The community has been roasting MS for years now about its security. With XP SP2 and 2K3 SP1, Microsoft started hardening the OS, even at the expense of breaking some legacy issues. Support for Windows ME was abandoned over the security issue alone -- WinME was not designed for the modern threat environment and could not be practically upgraded for it. With the hardening of XP SP2 and 2K3 SP1, the security bar was raised enough that Microsoft started seeing a significant shift in attacks to the applications and plug-ins rather than the OS.

With Vista and Server 2K8, Microsoft got reasonably serious about security. Numerous features were removed from the product because of security issues, the driver model for many drivers was changed, and a lot of internal hardening was done. Parsers were fuzzed and lots of security issues were locked down.

In my mind, the most important security enhancement is one that Microsoft does not talk about -- it is exceedingly difficult to run XP as a normal (non-administrative) user. It is quite straightforward to do so in Vista and reasonably well written apps will do so without a problem. I am running Vista on my home systems with us running as normal users. I use an administrative account for administration. This is the same approach I took 20 years ago, when I was administering Unix systems.

The problem as I see it, is that the community got into a lot of very bad habits (running as administrator / local system) and wants to continue doing so with network-facing applications. You can't really protect such things with VM's, BSD / chroot jails, or other defense mechanisms. You need the application developers to use appropriate least privilege approaches.

Unlike OSX, which is supported only for 2 minor releases (I was a user of OS 10.1), about 3 years, Microsoft supports their users for 7 to 10 years and does not rapidly deprecate legacy support. This is also far longer than the *nix and BSD environments. This makes the legacy problem much greater, as approaches that might well have been appropriate in 1995 are no longer appropriate -- but somebody's LOB app needs it.

YES

I am glad this article was written! It really explains most of my feelings on the matter. Vista boasts security over usability. There really was nothing unique about Vista in terms of functionality. It is one big fancy XP upgrade.

Same old, same old

As far as randomizing the layout of address spaces, that feature has been present in open-source systems for years (facilitated, for example, by gcc's Position-Independent Code feature; OS X uses gcc).

And despite the FUD, Vista's security isn't what's been holding it back; once again, it's the usability. Sadly enough, the NT kernel has had a very good internal security model for several major versions, but MS has always left in workarounds so that the programs that weren't up to spec would still work. When Vista eliminated many of these workarounds, the developers of these broken packages threw a fit. Similarly, the UI for managing Windows security (up through and including UAC) has been so clumsy that users would rather not deal with it. OS X does almost exactly the same thing as UAC without being obnoxious.

Vista's Swan Song??

After damning sales reports from the business community, it seems as though Vista is facing early retirement. Microsoft's announcement of a new OS on the horizon has sealed the deal - Vista is dead in the water.

It's all your fault

Microsoft has, as we all know, 95% of the market. That's their problem, they tried to please everyone. They listened to everyone bitch about the security and tried to fix it while still having ease of use, compatibility, and function. They upped security and now everyone is complaining that they can't do anything even though it was the uneducated user that is the biggest security risk.

Vista - Microsoft paid attention to its users for once and this is what happened.

Since you've all got it figured out...

Amen, Chronno. Maybe all of you who have so deftly figured out all these problems should either apply for jobs with MS so you can fix them or build your own OS that will be perfect and therefore usher us all into the computing utopia we so desperately deserve. It's easy to point fingers, but none of you can deny that computer technology would not be nearly as advanced today were it not for Microsoft, despite their faults. They are simply the biggest target on the board, which earns them a lot of darts.

The problem is less that Microsoft tried to "fix" security and more with what "security" they decided needed fixing.

There's no doubt that they've improved large security problems in the OS. You can do all the fixing you want but if you start with a flawed concept nothing you do out of that will be 100% correct. Microsoft's concept of security is that they need to hide as much as they can from the user and to keep the OS in control of the user. There's something inherently wrong when something is going on with the system such that it responds slowly, the hard disk is being accessed almost constantly but yet the process manager claims that my system is 100% idle.

Some of the biggest security "improvements" in Vista have been less about securing the system from malware and more about DRM control.

Until the improvements focus less on trying to control the user things won't improve.

Re:

There are two versions of security on Vista, the kind that keeps bad guys out and the kind that treats the user as a bad guy.

It's the second one that bothers people.

Yes, but since in most cases the security-related damage done to a PC is self-inflicted, I'm not sure that's a bad thing. How many people hose their PC by accessing malware sites, installing mysterious "video codecs" that are actually trojans, etc?

Re: Vista's Swan Song??

After damning sales reports from the business community, it seems as though Vista is facing early retirement. Microsoft's announcement of a new OS on the horizon has sealed the deal - Vista is dead in the water.

Uh...Vienna (the successor to Vista) isn't slated for release until at least 2010. Vista was released in November of 2006. That's a 3-4 year lifespan. And knowing how Microsoft doesn't always hit their earliest development targets, I'd be surprised to see it by the end of 2010/early 2011. Anyone who knows anything about software development knows that when you ship a version, you start working on the next version. Apple, IBM, Sun, HP, and every other OS vendor out there does the exact same thing. Even the Linux kernel devs work that way. In fact, if I'm not mistaken the Linux kernel guys have a plan for the next several versions of the kernel.

Re: Wow Shock

Vista runs better than XP. No duh.
It better be, otherwise what did Microsoft do for 7 years?
And UAC is not better security, it just pushes the responsibility onto Grandma. Like she is going to know if the attachment of new baby pictures is really a Trojan. UAC just gives MS the excuse to wash their hands of security.

my two cents

I've never posted before but Vista was built for everyday users, not your home user reading techdirt every day. It is so that the 15 year old child or 70 year old grandmother can play safe with the computer without having to worry about their own safety. This is what drives the market with a product like Vista, the home user, and that it is safe for everyone. The people that are tech savvy or even reading this blog can easily turn off the safety that Vista offers and use a third party or customize it.

If I wanted...

Vista Security

It would appear the majority of the people reading this are Linux fans anyway and prefer to bash Microsoft without doing some research. Most of you people reading this owe Microsoft for the fact you have your job. It was their vision and OSes that have brought computing to the masses. And one way or the other, you have your job today because of them.

Think because your shop runs pure Linux means that you don't? Well, your company more than likely does business with companies that are Windows shops, and they wouldn't be in business without Microsoft.

Is Microsoft perfect? No. But I realize I am employed because of them.

You can say what you want about *nix or bsd that has this, or OSX has that. Or *nix is more secure, or OSX is more secure.

The fact remains that there will be more installations of Vista in the hands of noobs than there will ever be installations of *nix, bsd and osx combined for the next 5 years.

As I see it, the security in *nix, bsd and osx is obscurity. For the most part, *nix and bsd are in the hands of people that know what they are doing (at least technically). OSX has obscurity and some decent security built in, but it's more obscurity since there have been security holes that, if there were the same number of OSX machines as Windows in the world, would have had the same problems.

None of my friends outside of my industry counterparts even know what Linux is. My parents don't, my neighbors don't. They all know what Vista is though, and in most cases running it.

Re: Re: Wow Shock

But of course that's *after* the initial investment of paying extra for the dedicated Apple hardware.

The laptop I'm using now has similar specs to a 17" Macbook Pro but cost about a third of the price. OK, it's not as cute as the Macbook, but even with the purchase of an additional copy of Vista (it came with XP) it's still more than $1000 less.

Need Better Definition of Security

Security, as a concept, is too ambiguous. Security to me is protection from external threats. The use of DRM technologies is NOT security. Hiding DRM related issues under the umbrella of the concept of security is Orwellian Newspeak.

On the issue of security, on several occasions I have had to work on an unbootable Windows system. It sure would be nice if I could boot from the Windows CD and work on the computer, but alas, Microsoft seems to have made that impossible. I assume that this was done for "security reasons" to prevent someone from walking around with a CD to get access to your computer. This type of "security" unfortunately is useless anyway and simply makes it harder to work on your computer.

Vista is pre-compromised on installation

Vista can't be secured - no operating system with embedded DRM can be secured, since it's a design goal of DRM to remove part of the control of the system from the operator and vest it in a third party. To put it another way: the only way that DRM can work as it's intended to work is to compromise the system, which is of course a fundamental design error.

I doubt M$ will abandon this approach, however -- they seem to have their lot in with the copyright cartel, and their users seem willing to tolerate that choice.

It is only a matter of time until malware specifically architected to exploit this gaping hole emerges. (Of course, it may be a while; there are many other more easily-exploited holes so there isn't serious motivation to create it just yet. But if history repeats itself -- and it will -- those holes will slowly be patched over the next several years, at which point it will probably be worth someone's time to take this route.)

Security is not the problem...

Nearly every complaint I've encountered seems to me to be a direct result of a disconnect between Microsoft's GUI development strategy and the early adopter community: the interface was written to be easy for novices... and the early adopter community tends to have advanced users.

Personally, having to go through 4 screens and a wizard to get to settings I change multiple times a day (such as the network or display settings) almost drove me batty until I gave up and created my own shortcuts in the quicklaunch.

I've been running Vista since early beta versions, and find the security to be fairly well implemented, perhaps how it should have been done in the first place.

Yes, there are compatibility issues with many LOB apps and old hardware that aren't written with security in mind, but those will eventually be worked out. For example, I was pleasantly surprised when Quickbooks finally created a version that didn't require the user to be an administrator to run it, just to be Vista compatible.

I've installed one copy of Vista

That was for a media center, as that is the one thing Vista does better than XP. Since it will be operated with a remote control, the issues won't be a problem. However, setting it up does remind one of the Mac-PC commercials. Does it really help security to have to verify every step of a simple needed software install? After about the third one I was jumping through the hoops with style. It will be about as effective as EULAs: people will skip through them so fast reading won't be given a thought.

Vista Security

The selling point for me that made me give up on the idea of Vista (as I have stated how many times now?) is the DRM.
No reason to toss DRM security into an OS, no reason AT ALL. Why should an OS want to limit what I can do for simple video output of high def content over a specific medium?
DRM ruined Vista for me. I will not get it because I love media, and do not want to be prevented from watching High Def on my TV that I play from my PC. Simple.
Although I know that is probably beyond the average user, and consequently not considered by them.

As a previous poster mentioned, anyone sitting here reading techdirt is not your average user.

Re: Vista Security

I have yet to encounter a media file it wouldn't play, with the proper codec installed. Most of my files are AVI/XviD, with an occasional X264, if the input is HD so is the output, if there are issues with this, I haven't noticed them. Media Center is the "killer app" for Vista. Now what is needed is a Version like XP-Media Center cheaper and trimmed down to be specific for HTPC.

Re: Vista Security

Yes I'm a Linux fan. Not because I just know Linux, or because I work on Linux. It is because I have been working with computers since 1973. I have administered everything from Windows (from DOS to XP), I have administered multiple Unix and Linux platforms. In my shop I have Linux, SGI, Mac and Windows (XP, 2003, and Vista). I can say from experience that Windows is the worst operating system I have ever had to administer and secure.
The problem with Windows (always has been, always will be) is that the fundamental architecture is flawed. Windows is monolithic; unix/linux/mac are modular. Under Windows everything is tied to the kernel, and those things that should not be tied to the kernel, such as the browser and media player, have been tied to lock in the user.
Currently my profession is in security and I'm having a bear of a time trying to figure out how to prevent one malware from taking down my entire Windows network. It seems that every part of Windows is susceptible to attack. If the File Shares don't get you it is the RPC. Yes I know RPC was invented by SUN but everyone else has pretty much abandoned RPC except for Microsoft. I turn off portmapper ASAP on all my Unix/Linux servers. If RPC does not get you it is IE or Outlook, or Media Player or multiple other things that take control of the operating system. With my Linux servers every application (DNS, MAIL, APACHE, etc) runs as chroot. This cannot be done in Windows. When a user logs on as themselves they can ONLY compromise themselves (their little environment); they cannot compromise the kernel.
Obscurity is not why *nix is more secure. *nix is secure because it was written secure from the start. It is modular and well thought through. It is NOT designed by Marketing or driven by sales. Its design is driven by those who really love what they are doing and do it well. *nix does not write a browser nor a media player; others do that. *nix writes the OS and only the OS. Gnome/KDE writes the gui interface. Firefox, KDE, Gnome, and others write the browser. Multiple others write the media or the photo editors, or games, or anything else. *nix writes the OS and only the OS as it should be.

On Vista Security

If the user is running as an administrator, you are hosed if they do load malware, and it doesn't matter if they are running Windows, *nix, BSD, OSX, etc.

The problem with Windows is that users typically run as administrators. In most BSD and *nix distros, they do not.

As I said in my much earlier post, it is quite feasible to have users run as normal users in Vista. This was not really feasible in XP or earlier MS client OS's. It is also feasible on 2K3 and Server 08. Indeed, I am writing this on a notebook that is running Server 08, with me running as a normal user.

The problem is less Microsoft, and more the third party software vendors, who write SW that assumes system / administrator permissions - updating drivers, executables, and privileged routines (such as game watchdogs, which have grabbed the debug privilege). If you run such software on *nix systems, you will have equivalent security problems.

Re: On Vista Security

Any program can be executed in a chroot'ed environment on a *nix machine. Even if it was not designed to do so. Only laziness would prevent one from doing so. It matters not what the application was designed to do or how bad it was written. You just jail the application. The application can be compromised but not the server. The point is you do not have such a choice with Microsoft. They cannot do this because of how the monolithic architecture is designed. You have to have admin/system privileges to run some programs.
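As an added example (not code from either commenter), a POSIX shell script that does what the two chroot comments above describe: it copies an arbitrary dynamically linked program plus the shared libraries `ldd` reports into a jail directory, so the program can then be run under `chroot` with no view of the rest of the filesystem. It assumes a Linux host with `ldd`; building the jail needs no privileges, only the final `chroot` step needs root.

```shell
#!/bin/sh
# Added example: jail an arbitrary program with chroot (Linux, glibc or musl ldd).

# build_jail JAILDIR PROGRAM
# Copies PROGRAM and every shared library ldd lists into JAILDIR, keeping the
# original paths, so `chroot JAILDIR PROGRAM` finds everything it needs.
build_jail() {
    jail=$1
    prog=$2
    [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }
    mkdir -p "$jail$(dirname "$prog")"
    cp -L "$prog" "$jail$prog"        # -L follows symlinks such as /bin/sh -> dash
    if command -v ldd >/dev/null 2>&1; then
        # ldd prints "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)"
        # and, for the dynamic loader, "/lib64/ld-linux-x86-64.so.2 (0x...)".
        # A statically linked program yields no paths and nothing is copied.
        ldd "$prog" 2>/dev/null |
        awk '$2 == "=>" && $3 ~ /^\// {print $3} $1 ~ /^\// {print $1}' |
        while read -r lib; do
            mkdir -p "$jail$(dirname "$lib")"
            cp -L "$lib" "$jail$lib"
        done
    fi
    # Nothing else goes in by default: no /etc/passwd, no shells, no network
    # config. Anything the program must see is added deliberately, file by file.
    return 0
}

# jail_has_binary JAILDIR PROGRAM: true when the copied program is in place.
jail_has_binary() {
    [ -x "$1$2" ]
}

# run_jailed JAILDIR PROGRAM [ARGS...]
# Runs the program with JAILDIR as its root. Needs root; a compromised program
# inside can only damage what is in JAILDIR, which is the commenters' point.
run_jailed() {
    jail=$1
    shift
    [ "$(id -u)" -eq 0 ] || { echo "chroot needs root; jail is at $jail" >&2; return 2; }
    chroot "$jail" "$@"
}
```

Pair the jail with a dedicated unprivileged user and a mounted `/dev` only if the program actually needs it; chroot alone does not stop a root process from escaping.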

The Users

Microsoft can add all the security they want, but they will never make Windows fully secure against their own users.
Here are just two (very common scenarios):

1) 70-year-old grandpa just wants to check his e-mail and look at the pictures of the kids. He's sick of the endless questions asking him if he really wants to run Outlook and Photo Viewer, so he asks his techie friend to help. His friend then switches Vista to run in admin mode. Problem solved: no more annoying security questions.

2) Users ignore the messages, which comes as no surprise to anyone who watches people work with Windows. It goes something like this:

Vista: Do you want to allow QuickBooks to run?
User: Yes, let me get to work.

Vista: Do you want to allow Canon J234 printer driver to install?
User: Duh, I need to print.

Vista: Do you want to allow Word to run?
User: Geez, yes already.

Vista: Do you want to allow Trojan N32.exe Worm to run?
User: YES! I swear I'm going to throw you out the window if you don't stop with these ***ing questions!

And now the user has purposely allowed Windows to execute a trojan just because he's so fed up with the security questions.

So, how exactly do these "security questions" add "security"? Like a poster said above, this seems more like "security theater": Microsoft added a feature that was highly visible and that they could show off as "doing something", without ever looking at the underlying causes of how users themselves spread worms and viruses.